2004年8月28日第十届全国人民代表大会常务委员会第十一次会议通过 根据2015年4月24日第十二届全国人民代表大会常务委员会第十四次会议《关于修改〈中华人民共和国电力法〉等六部法律的决定》第一次修正 根据2019年4月23日第十三届全国人民代表大会常务委员会第十次会议《关于修改〈中华人民共和国建筑法〉等八部法律的决定》第二次修正
Electronic Signature Law of the People’s Republic of China (Amended in 2019)
（2004年8月28日第十届全国人民代表大会常务委员会第十一次会议通过 根据2015年4月24日第十二届全国人民代表大会常务委员会第十四次会议《关于修改〈中华人民共和国电力法〉等六部法律的决定》第一次修正 根据2019年4月23日第十三届全国人民代表大会常务委员会第十次会议《关于修改〈中华人民共和国建筑法〉等八部法律的决定》第二次修正）
(Adopted at the 11th Session of the Standing Committee of the 10th National People's Congress of the People's Republic of China on August 28, 2004; amended for the first time according to the Decision on Revising Six Laws including the Electric Power Law of the People's Republic of China passed at the 14th Session of the Standing Committee of the 12th National People's Congress of the People's Republic of China on April 24, 2015; and amended for the second time according to the Decision on Amending Eight Laws Including the Construction Law of the People's Republic of China passed at the 10th Session of the Standing Committee of the 13th National People's Congress on April 23, 2019)
第一章 总 则
Chapter 1 General Provisions
Article 1. This Law is formulated for the purposes of standardising the conduct of electronic signature, confirming the legal validity of electronic signature and safeguarding the legal rights and interests of the relevant parties.
Article 2 "Electronic signature" referred to herein shall mean data incorporated into or associated with any electronic form, which may be used to identify the signatory and indicate the signatory's approval of the information contained in the data message.
Data telex "referred to herein shall mean information generated, sent, received or stored by electronic, optical, magnetic or similar means.
Article 3 Parties involved in civil activities may agree to use or not to use electronic signature and data telex for contracts or other documents and instruments.
Documents for which the parties concerned agree to the use of electronic signature and data telex shall not be denied of legal validity on the ground of electronic signature and data telex being used.
The preceding paragraph shall not apply to the following documents:
1. personal relationships such as marriage, adoption and inheritance are involved;
(II) Documents concerning stopping the supply of water, heat, gas and other public utility services; and
(III) Other circumstances under which electronic documents do not apply as prescribed by laws and administrative regulations.
Chapter 2 Electronic Data
Article 4 Data telex that tangibly express the content it recorded and can be investigated and checked at any time shall be deemed as compliance with the written form provided by law and regulations.
Article 5 Any data message meeting the following requirements shall be regarded as satisfying the requirements for the form of the original as prescribed by laws and regulations:
1. Being capable of effectively showing the contents it specifies, and which may be accessed for reference and used at any time; and
2. It can be reliably guaranteed that the contents remain complete and unchanged from the time of final formation. However, the integrity of the data message is not affected by the addition of endorsement to the data message and changes in form that occur during data exchange, storage and display.
Article 6 Any data message meeting the following requirements shall be regarded as satisfying the requirements for document preservation as prescribed by laws and regulations:
1. Being capable of effectively showing the contents it specifies, and which may be accessed for reference and used at any time; and
2. the format of the data message is the same as that when it is created, sent or received, or the format is different but is able to accurately represent the contents originally created, sent, or received; and
(III) Being able to identify the addresser, the addressee, and the time of sending and receiving.
Article 7 No electronic data may be rejected for being used as evidence simply because it was created, sent, received or stored by way of electronic, optical, magnetic or similar means.
Article 8 The following factors shall be considered when examining the authenticity of any data message as evidence:
1. The reliability of the methods used in creating, storing or transmitting the electronic data;
(II) The reliability of the methods used to maintain the integrity of the contents;
(III) The reliability of the methods used to identify the sender;
(IV) Other relevant factors.
Article 9 Under any of the following circumstances, the data message shall be regarded as being sent by the addresser:
1. Being sent with the authorization of the addresser;
(II) An information system of the sender automatically sends;
(III) The consequence is consistent after the validation on the data message by the addressee according to the method approved by the addresser.
Where the parties agree otherwise on the matters prescribed in the preceding paragraph, their agreement shall be followed.
Article 10 Where receipt acknowledgement of the data telex is required by laws and administrative regulations or agreed between the parties, the recipient shall acknowledge receipt of the data telex. Upon receipt by the sender of the recipient's acknowledgement of receipt, the data message shall be deemed to have been received.
Article 11 The time when a data message enters an information system outside the control of the originator shall be deemed to be the time when the data message is sent.
The time at which a data message enters the specific system designated by the recipient for the receipt of data messages shall be deemed to be the time at which the data message enters such specific system; if no specific system is designated, the time at which the data message enters any system of the recipient for the first time shall be deemed to be the time at which the data message is received.
Where the parties agree otherwise on the time of sending and receiving of data telex, such agreement shall prevail.
Article 12 The principal place of business of the originator is the place where data messages are sent and the principal place of business of the addressee is the place where data messages are received. If there is no main place of business, the habitual residence shall be considered the sending or receiving place.
In case the interested parties have different stipulations on the place for sending or receiving data message, the stipulations shall be followed.
Chapter 3 Electronic Signature and Certification
Article 13 Any electronic signature, which satisfies the following conditions, shall be regarded as reliable electronic signature:
1. If data made by electronic signature is used for electronic signature, and if it is owned exclusively by the electronic signatory;
(II) The data made by electronic signature is controlled only by the electronic signatory when signing;
(III) Any alteration to the electronic signature after signing can be detected; and
(IV) Any alteration to the content and form of any data message after signing can be found out.
The parties may choose other electronic signatures which comply with their agreement on reliable requirements.
Article 14. Reliable electronic signatures shall have the same legal validity as handwritten signatures or seals.
Article 15 The electronic signatory shall keep electronic signature creation data properly. In case that an electronic signatory knows that data made by electronic signature has given away official secrets or may give away official secrets, he shall notify relevant parties in time, and terminate the use of the data made by electronic signature.
Article 16 Where a third party's certification is required for the electronic signature, such certification service shall be provided by a legally established electronic certification service provider.
Article 17 The following conditions shall be met when providing electronic certification services:
1. Obtain corporate capacity;
(II) Having professional technicians and managers who are suited to provide electronic certification services;
(III) Having capital and a place of business that meets the requirements for providing electronic certification services;
(IV) Having technology and equipment that comply with the national safety and technology standards;
(V) Having certification documents that use codes that have been approved by the state code administration organ; and
(VI) Other conditions prescribed by laws and administrative regulations.
Article 18. Proposed electronic certification service providers shall apply with the relevant materials to the information industry department of the State Council in accordance with the provisions of Article 17. Upon examination of an application by the information industry department of the State Council and concurring with the commerce administration department of the State Council, the information industry department of the State Council shall decide on approval or non-approval within 45 days from receipt of the application. An electronic certification licence shall be issued to successful applicants; unsuccessful applicants shall be notified in writing and the reason shall be stated.
An electronic certification service provider who has obtained certification shall publicize its name, license number and other information on the Internet in accordance with the provisions of the department of information industry of the State Council.
Article 19 Electronic certification service providers shall formulate and promulgate electronic certification service rules in accordance with relevant State regulations and file them with the information industry department of the State Council for record.
Electronic certification business rules shall cover the scope of liabilities, the criterions of operation, the information safeguard measures and other matters concerned.
Article 20. Electronic signatories shall provide true, complete and accurate information to their electronic certification service provider for the application of an electronic signature certificate.
After receiving an application for an electronic signature certificate, the electronic certification service provider shall check the identity of the applicant and examine relevant materials.
Article 21 An electronic signature certification certificate signed by an electronic certification service provider shall be accurate and have no mistakes, and shall specify the following contents:
1. Name of the electronic certification service provider;
2. the name of the certificate holder;
3. Serial number of the certificate;
(IV) validity period of the certificate;
(V) electronic signature verification data of the certificate holder;
(VI) Electronic signature of the electronic certification service provider;
(VII) Other contents prescribed by the competent department of information industry of the State Council.
Article 22. Electronic certification service providers shall guarantee the completeness and accuracy of the contents of the electronic signature certificate within the validity period of the certificate and that parties relying on the electronic signature are able to verify and understand the contents and other relevant matters recorded on the electronic signature certificate.
Article 23. Electronic certification service providers suspending or terminating their electronic certification service shall inform the relevant parties of the service takeover and other matters at least 90 days prior to the suspension or termination of the service.
In the event an electronic certification service provider intends to suspend or terminate his/her/its electronic certification service, he/she/it shall report to the department of information industry of the State Council 60 days before suspending or terminating the service, and negotiate with other electronic certification service providers about the carrying-on of the operation, so as to make proper arrangements.
In the event an electronic certification service provider fails to reach an agreement on the carrying-on of the operation with another electronic certification service provider, he/she/it shall apply to the department of information industry of the State Council to arrange another electronic certification service provider to carry on the operation.
In the event an electronic certification service provider's electronic certification licensing certificate is revoked in accordance with the law, the takeover of its business shall be handled in accordance with the provisions of the department of information industry of the State Council.
Article 24. Electronic certification service providers shall maintain certification information properly for at least 5 years from the date of expiry of an electronic signature certificate.
Article 25 The competent department of information industry of the State Council shall formulate specific measures for the administration of electronic certification service industry in accordance with the present Law, and conduct supervision over electronic certification service providers according to law.
Article 26. Upon verification by the information industry department of the State Council on the basis of relevant agreements or reciprocity, electronic signature certificates issued overseas by foreign electronic certification service providers shall have the same legal validity as electronic signature certificates issued by electronic certification service providers established in accordance with the Law.
Chapter 4 Legal Liabilities
Article 27 In the event an electronic signatory knows that any data made by electronic signature has given away official secrets or may have given away official secrets but fails to inform the relevant parties concerned in a timely manner and terminate the use of such data, or fails to provide authentic, complete and accurate information to the electronic service provider, or has any other fault resulting in losses to the party depending on electronic signature and the electronic certification service provider, he/she/it shall be liable for compensation.
Article 28. Where an electronic signatory or parties relying on the electronic signature for undertaking civil activities suffered losses from the electronic signature certification service provided by an electronic certification service provider, the electronic certification service provider shall be liable for compensation if it is unable to prove that it is not at fault.
Article 29. Provision of electronic certificate service without licence shall be ordered by the information industry department of the State Council to cease the illegal activity and the illegal income shall be confiscated; a fine ranging from one to three times of the amount of illegal income shall be imposed if the amount of illegal income exceeds RMB300,000; a fine ranging from RMB100,000 to RMB300,000 shall be imposed if there is no illegal income or the amount of illegal income does not exceed RMB300,000.
Article 30. Electronic certification service providers which suspend or terminate their electronic certification service without informing the information industry department of the State Council at least 60 days prior to the suspension or termination of the service shall have a fine ranging from RMB10,000 to RMB50,000 imposed by the information industry department of the State Council on the person-in-charge.
Article 31. Electronic certification service providers which do not comply with the certification service rules or fail to maintain certification information properly or commit other violations shall be ordered by the information industry department of the State Council to make correction within a stipulated time limit; where the correction is not made within the stipulated time limit, the electronic certification permit shall be revoked and the person-in-charge and other accountable personnel shall be prohibited from providing electronic certification service for a 10-year period thereafter. Withdrawal of the electronic certification licence shall be announced and the industrial and commercial administrative department shall be notified.
Article 32. Persons guilty of forgery and unauthorised use of other's electronic signature which constitutes a criminal offence shall be prosecuted for criminal liability in accordance with the law, and shall bear civil liability for losses suffered by other persons therefrom.
Article 33. Personnel of the department in charge of supervision and management of electronic certificate service which do not perform administrative licensing and supervision and management duties in accordance with the law shall be subject to administrative punishment in accordance with the law. Where the case constitutes a criminal offence, criminal liability shall be pursued in accordance with the law.
第五章 附 则
Chapter 5 Supplementary Provisions
Article 34 For purposes of this Law, the definitions of the following terms are:
1. The "electronic signatory" shall refer to the person who holds data made by electronic signature, and who implements electronic signature in his own identity or on behalf of the person he represents;
(II) "Party Depending on Electronic Signature" shall refer to the person who engages in relevant activities based on his trust in any electronic signature certification certificate or Electronic Signature;
(III) "Electronic Signature Certification Certificate" shall refer to the data message or other electronic records that can prove that any electronic signatory has some connection with the data made by electronic signature;
(IV) "Data Made by Electronic Signature" shall refer to data such as the character, coding, etc., used in the course of electronic signature, and to connect the electronic signature with the electronic signatory; and
(V) "Electronic Signature Validation Data" shall refer to the data used for validating Electronic Signature, including codes, passwords, arithmetic or public keys, etc.
Article 35 The State Council and other departments stipulated by the State Council may formulate specific measures on use of electronic signature and data telex in government activities and other social activities pursuant to this Law.
Article 36. This Law shall be effective 1 April 2005.